Microsoft has admitted that a serious flaw exists in all supported versions of Internet Explorer, from IE5 right through the current betas, which could allow hackers to peer into users’ computers. Worse yet, some 10,000 websites are said to have already been compromised to take advantage of the flaw, heightening the danger.

Right now hackers only appear to be stealing online gaming information. This could change — SANS Internet Storm Center expects the hackers to begin modifying the code to steal other (more personal) information.

Redmond’s suggestions to protect users include enabling “data execution prevention” (Tools > Internet Options > Advanced), and setting security settings to “high.” This may be a problem for some, as that setting disables active scripting.

My suggestion would be the same. Using Microsoft’s suggestions will cripple your online experience. So even if you are an IE fanboy, suck it up, download Firefox, and go back when Microsoft is ready. Don’t be stupid — it’s just a browser.

NoScript is a free plugin for Firefox that filters scripts, and to my knowledge is the only such solution. I would never surf the web and allow unrestricted website scripts to run through my browser.

Most web sites rely on Java, Flash, and JavaScript to present their content. Unfortunately, even “trusted” websites usually present cross-scripts (in the form of “ads”) from other sites which they neither monitor nor control.

It is these cross-scripts which are the major vulnerability for all browsers, and through which malicious code is introduced to computers.

NoScript filters all scripts by default and then presents a list of scripts to the user. The user chooses which ones to permit. Even keyboard redirecting scripts are caught (no browser in the world has this level of security).

I can’t believe IE explorer allows web sites to copy DLLs to the windows/system32 directory and update the registry to start up these hidden services. IT SHOULD NEVER ALLOW DLLs to be copied, full stop.

After all these years it still allows it, too many features in IE.
Why can’t it be rewritten and run in a sandbox with a micro kernel and mini registry, so if it gets trashed just hit the flush button and a new one flushes out the old infected one?

Actually I surf the internet in a VMWARE virtual machine and if it’s hit I just delete the virtual machine and start a fresh one. It also gives me a chance to hit back at these malware sites and report them. I monitor the system32 directory and track IP packet addresses to these sites and tell the authorities. The malware DLLs plug in to the system DLLs, slowing down Windows while transmitting packets.

This is an unbelievable flaw; we’re talking about malware, adware and the VirtuMonde, Vundo.P, HBKernel32 etc.

Great scare tactics. Great for my business… But would you mind adding a few details? What is the NAME of the “virus” (all major A/V’s name things – like mydoom.v) Also, other than “perform windows updates” – how do you DETECT if your computer is infected?
